On Tue, Dec 04, 2001 at 08:45:56AM +0000, John Ibbotson wrote:
> The customers that have requested reliability are the large scale
> users of our proprietary messaging middleware MQSeries. They rely
> on the product for moving high value transactions (milions of USD)
> in the financial and other areas. For the reasons of opening
> firewall ports (amongst others), they'd like to see a more general
> purpose and standardised way of achieving the same degree of
> reliability on the internet. Hence the comment on customer
> requirements.
Surely, if that much money incentive is involved, your customers can
beat their firewall admins over the heads to get that hole punched?
It's in everyone's interests to separate mission-critical traffic
from casual Web browsing. HTTPR's reliability won't do much good when
the proxy is down for maintainence, or Web browsing is filtered, or
the ISP two hops up installs a transparent proxy overnight, and the
infrastructure admins don't realise that they're losing x million
dollars a minute as a result. The people managing the infrastructure
need to know about mission-critical apps in order to support them.
My last job happened to be administering firewalls in what I would
imagine is one of their most paranoid contexts; at a Fortune 25
financial services firm. There were clear and not terribly onerous
(considering the risk) proceedures for opening a port on the firewall
if you had an application that needed exposure. Yes, the developers
bitched about it, and yes, risk protection's job was to say "no",
which is what I imagine you're hearing about, but escalating the war
between risk protection and developers doesn't seem like a great
idea, IMHO.
Just my .02...
--
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA USA)